SAML changes to the controller

This commit is contained in:
tejaswini chile 2022-09-15 17:16:20 +05:30
parent fb65f18b5f
commit e94db861c5
4 changed files with 37 additions and 31 deletions


@ -5,13 +5,11 @@ class DashboardController < ActionController::Base
around_action :switch_locale around_action :switch_locale
before_action :ensure_installation_onboarding, only: [:index] before_action :ensure_installation_onboarding, only: [:index]
before_action :redirect_to_custom_domain_page before_action :redirect_to_custom_domain_page
before_action :redirect_to_saml_login
layout 'vueapp' layout 'vueapp'
def index def index; end
request = OneLogin::RubySaml::Authrequest.new
redirect_to(request.create(saml_settings))
end
private private
@ -50,6 +48,13 @@ class DashboardController < ActionController::Base
redirect_to "/hc/#{portal.slug}" redirect_to "/hc/#{portal.slug}"
end end
def redirect_to_saml_login
# request = OneLogin::RubySaml::Authrequest.new
# redirect_to(request.create(saml_settings))
# end
redirect_to '/saml' and return unless Current.user
end
def app_config def app_config
{ {
APP_VERSION: Chatwoot.config[:version], APP_VERSION: Chatwoot.config[:version],
@ -66,26 +71,25 @@ class DashboardController < ActionController::Base
settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume" settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
settings.sp_entity_id = "http://#{request.host}/saml/metadata" settings.sp_entity_id = "http://#{request.host}/saml/metadata"
settings.idp_entity_id = "https://app.onelogin.com/saml/metadata/1835014" settings.idp_entity_id = 'https://app.onelogin.com/saml/metadata/1835014'
settings.idp_sso_target_url = "https://app.onelogin.com/trust/saml2/http-post/sso/1835014" settings.idp_sso_target_url = 'https://app.onelogin.com/trust/saml2/http-post/sso/1835014'
settings.idp_slo_target_url = "https://app.onelogin.com/trust/saml2/http-redirect/slo/1835014" settings.idp_slo_target_url = 'https://app.onelogin.com/trust/saml2/http-redirect/slo/1835014'
settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" settings.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
# Optional for most SAML IdPs # Optional for most SAML IdPs
settings.authn_context = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" settings.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
# or as an array # or as an array
settings.authn_context = [ settings.authn_context = [
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
"urn:oasis:names:tc:SAML:2.0:ac:classes:Password" 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'
] ]
# Optional bindings (defaults to Redirect for logout POST for ACS) # Optional bindings (defaults to Redirect for logout POST for ACS)
settings.single_logout_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" # or :post, :redirect settings.single_logout_service_binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' # or :post, :redirect
settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" # or :post, :redirect settings.assertion_consumer_service_binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' # or :post, :redirect
settings settings
end end
def cosnume def cosnume; end
end
end end
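Review bot: `redirect_to_saml_login` gates on `Current.user`, but this controller inherits from `ActionController::Base` rather than `ApplicationController` and nothing visible in the file assigns `Current.user`, so unless a callback outside the hunk sets it every dashboard request will bounce to `/saml`; the `and return` is also redundant inside a before_action, so `redirect_to '/saml' unless Current.user` is enough. The three commented-out lines above it and the empty misspelled `cosnume` method look like leftovers and should be dropped. The `saml_settings` context lines hard-code one OneLogin application's entity ID and SSO/SLO URLs and build the SP and ACS URLs with a literal `http://` scheme, which under TLS advertises a plaintext assertion consumer URL; prefer `"#{request.base_url}/saml/consume"` (with `config.hosts` restricting the trusted Host header) and load the IdP values from configuration such as `ENV.fetch('SAML_IDP_ENTITY_ID')` (key name constructed) instead of duplicating them here and in SamlController's identical `saml_settings` hunk. `settings.authn_context` is assigned twice, so the first string assignment is dead code.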



@ -1,8 +1,9 @@
# This controller expects you to use the URLs /saml/init and /saml/consume in your OneLogin application. # This controller expects you to use the URLs /saml/init and /saml/consume in your OneLogin application.
class SamlController < ApplicationController class SamlController < ApplicationController
skip_before_action :verify_authenticity_token, :only => [:consume] # skip_before_action :verify_authenticity_token, :only => [:consume]
layout 'vueapp'
def init def index
request = OneLogin::RubySaml::Authrequest.new request = OneLogin::RubySaml::Authrequest.new
redirect_to(request.create(saml_settings)) redirect_to(request.create(saml_settings))
end end
@ -13,11 +14,12 @@ class SamlController < ApplicationController
# We validate the SAML Response and check if the user already exists in the system # We validate the SAML Response and check if the user already exists in the system
if response.is_valid? if response.is_valid?
# authorize_success, log the user # authorize_success, log the user
session[:userid] = response.nameid session[:userid] = response.nameid
session[:attributes] = response.attributes session[:attributes] = response.attributes
else else
authorize_failure # This method shows an error message ChatwootExceptionTracker.new(response.errors, account: Account.first).capture_exception # This method shows an error message
# List of errors is available in response.errors array # List of errors is available in response.errors array
end end
end end
@ -29,22 +31,22 @@ class SamlController < ApplicationController
settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume" settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
settings.sp_entity_id = "http://#{request.host}/saml/metadata" settings.sp_entity_id = "http://#{request.host}/saml/metadata"
settings.idp_entity_id = "https://app.onelogin.com/saml/metadata/1835014" settings.idp_entity_id = 'https://app.onelogin.com/saml/metadata/1835014'
settings.idp_sso_target_url = "https://app.onelogin.com/trust/saml2/http-post/sso/1835014" settings.idp_sso_target_url = 'https://app.onelogin.com/trust/saml2/http-post/sso/1835014'
settings.idp_slo_target_url = "https://app.onelogin.com/trust/saml2/http-redirect/slo/1835014" settings.idp_slo_target_url = 'https://app.onelogin.com/trust/saml2/http-redirect/slo/1835014'
settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" settings.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
# Optional for most SAML IdPs # Optional for most SAML IdPs
settings.authn_context = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" settings.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
# or as an array # or as an array
settings.authn_context = [ settings.authn_context = [
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
"urn:oasis:names:tc:SAML:2.0:ac:classes:Password" 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'
] ]
# Optional bindings (defaults to Redirect for logout POST for ACS) # Optional bindings (defaults to Redirect for logout POST for ACS)
settings.single_logout_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" # or :post, :redirect settings.single_logout_service_binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' # or :post, :redirect
settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" # or :post, :redirect settings.assertion_consumer_service_binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' # or :post, :redirect
settings settings
end end
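Review bot: In `consume`, the invalid-response branch now only reports to `ChatwootExceptionTracker` and neither renders nor redirects, so a rejected SAML assertion falls through to the action's default rendering instead of being refused; end that branch with `head :unauthorized` (or a redirect to the login page) so the request is visibly denied. Passing `Account.first` as the tracker's account context attributes every failure to an arbitrary account and raises if no account exists yet; omit it unless the account is actually known at this point. Commenting out `skip_before_action :verify_authenticity_token, only: [:consume]` is likely to break the flow if `ApplicationController` enables forgery protection, because the IdP posts the assertion cross-site without a CSRF token; the signature check inside `response.is_valid?`, not the CSRF token, is what protects this endpoint. Nothing visible in `saml_settings` sets `idp_cert` or `idp_cert_fingerprint`, so if neither is set above the hunk `is_valid?` has no key to verify the signature against. The header comment still refers to `/saml/init` although the action is now `index`.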


@ -81,7 +81,7 @@
</form> </form>
<div class="column text-center sigin--footer"> <div class="column text-center sigin--footer">
<span>{{ $t('REGISTER.HAVE_AN_ACCOUNT') }}</span> <span>{{ $t('REGISTER.HAVE_AN_ACCOUNT') }}</span>
<router-link to="/app/login"> <router-link to="/saml">
{{ {{
useInstallationName( useInstallationName(
$t('LOGIN.TITLE'), $t('LOGIN.TITLE'),